http rate limiting for dynamic hosts also on v6
[mirror/dsa-puppet.git] / modules / apache2 / manifests / init.pp
index 2e75927..14c2ff7 100644 (file)
@@ -39,10 +39,6 @@ class apache2 {
                ensure => absent,
        }
 
-       apache2::config { 'ressource-limits':
-               ensure => absent,
-       }
-
        if has_role('udd') {
                $memlimit = 512 * 1024 * 1024
        } elsif has_role('dgit_git') {
@@ -97,6 +93,10 @@ class apache2 {
                source => 'puppet:///modules/apache2/headers',
        }
 
+       apache2::config { 'disabled-service':
+               source => 'puppet:///modules/apache2/disabled-service',
+       }
+
        apache2::module { 'mpm_event': ensure => absent }
        if has_role('apache_prefork') {
                apache2::module { 'mpm_worker': ensure => absent }
@@ -105,7 +105,7 @@ class apache2 {
                apache2::module { 'mpm_prefork': ensure => absent }
                apache2::module { 'mpm_worker': }
        }
-       if $::lsbmajdistrelease > 7 {
+       if versioncmp($::lsbmajdistrelease, '7') > 0 {
                file { '/etc/apache2/mods-available/mpm_worker.conf':
                        content => template('apache2/mpm_worker.erb'),
                }
@@ -132,6 +132,10 @@ class apache2 {
                content => template('apache2/disabled-index.html'),
        }
 
+       file { '/var/log/apache2':
+               ensure => directory,
+               mode   => '0755',
+       }
        file { '/var/log/apache2/.nobackup':
                mode    => '0644',
                content => '',
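Review bot: The new `file { '/var/log/apache2': }` resource sets `mode => '0755'` with no owner or group, which makes the Apache log directory listable by every local account; Debian's apache2 package normally ships it as 0750 root:adm (worth confirming on these hosts). Unless something unprivileged has to traverse it (perhaps to see the `.nobackup` marker declared right after), I would keep it tight with `mode => '0750',` plus `owner => 'root',` and `group => 'adm',`. If 0755 is deliberate, a one-line comment such as `# world-readable so <consumer> can see .nobackup` would record why. The `.nobackup` resource continues past the end of this hunk.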
@@ -149,23 +153,25 @@ class apache2 {
                ensure => installed,
        }
 
-       if $::hostname in [beach,buxtehude,picconi,pkgmirror-csail] {
-               include apache2::dynamic
-       } else {
-               @ferm::rule { 'dsa-http':
-                       prio        => '23',
-                       description => 'Allow web access',
-                       rule        => '&SERVICE(tcp, (http https))'
+       if (! has_role('apache_not_public')) {
+               if has_role('apache_ratelimited') {
+                       include apache2::dynamic
+               } else {
+                       @ferm::rule { 'dsa-http':
+                               prio        => '23',
+                               description => 'Allow web access',
+                               rule        => '&SERVICE(tcp, (http https))'
+                       }
+
+                       @ferm::rule { 'dsa-http-v6':
+                               domain          => '(ip6)',
+                               prio            => '23',
+                               description     => 'Allow web access',
+                               rule            => '&SERVICE(tcp, (http https))'
+                       }
                }
        }
 
-       @ferm::rule { 'dsa-http-v6':
-               domain          => '(ip6)',
-               prio            => '23',
-               description     => 'Allow web access',
-               rule            => '&SERVICE(tcp, (http https))'
-       }
-
        exec { 'service apache2 reload':
                path        => '/usr/bin:/usr/sbin:/bin:/sbin',
                command     => 'service apache2 reload',
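Review bot: Replacing the hostname list with `has_role('apache_ratelimited')` moves the choice of which hosts get rate limiting into role data that this hunk does not show; any of beach, buxtehude, picconi or pkgmirror-csail that lacks the role now falls into the `else` branch and gets the unrestricted `dsa-http` and `dsa-http-v6` rules. In the other direction, `dsa-http-v6` used to be unconditional, so rate-limited hosts now depend on `apache2::dynamic` both opening and limiting http/https for ip6, which is presumably part of this commit but is not visible here. Exposure is also opt-out: a host is public unless it carries `apache_not_public`. A comment above the outer `if`, e.g. `# public by default; apache_not_public => no ferm rule here, apache_ratelimited => rules come from apache2::dynamic (v4 and v6)`, would make that contract explicit. The `exec` resource after the block continues outside the hunk.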
@@ -177,4 +183,15 @@ class apache2 {
                content => template('apache2/ssl-key-pins.erb'),
                notify  => Exec['service apache2 reload'],
        }
+
+       file { '/etc/cron.d/puppet-export-scheduled-shutdown': ensure => absent, }
+       concat::fragment { 'dsa-puppet-stuff--apache-export-shutdown':
+               target => '/etc/cron.d/dsa-puppet-stuff',
+               content  => @(EOF)
+                       */2 * * * * root mkdir -p /run/dsa/shutdown-marker; if dsa-is-shutdown-scheduled; then echo 'system-in-shutdown' > /run/dsa/shutdown-marker/shutdown-in-progress; else rm -f /run/dsa/shutdown-marker/shutdown-in-progress; fi
+                       | EOF
+       }
+       apache2::config { 'local-scheduled-shutdown':
+               source  => 'puppet:///modules/apache2/local-scheduled-shutdown',
+       }
 }
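Review bot: The cron line in the `dsa-puppet-stuff--apache-export-shutdown` fragment treats every non-zero exit of `dsa-is-shutdown-scheduled` as "no shutdown scheduled", so a missing helper, or one outside cron's PATH, silently removes the marker. Calling the helper by absolute path, or running the `rm -f` only when the helper is executable, would keep a broken helper from looking like a healthy host; whether the concat target sets a PATH is not visible here. The job also runs as root under `/run/dsa`, so that directory should be writable by root only. A short comment naming the consumer of `shutdown-in-progress` (presumably the `local-scheduled-shutdown` Apache config declared just below) would help the next reader. The enclosing class starts outside this hunk.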